Question

I am suspecting a double kfree in my kernel code. Basically, I have a data structure that is kzalloced and kfreed in a module. I notice that the same address is allocated and then allocated again without being freed in the module.

I would like to know what technique I should employ to find where the wrong kfree is issued.


Solution

1. Yes, kmemleak is an excellent tool, especially suitable for system-wide analysis.

Note that if you are going to use it to analyze a kernel module, you may need to save the addresses of the ELF sections containing the code of the module (.text, .init.text, ...) when the module is loaded. This may help you decipher the call stacks in the kmemleak report. It usually makes sense to ask kmemleak to produce a report after the module has been unloaded, but kmemleak cannot resolve the addresses at that time.

While a module is loaded, the addresses of its sections can be found in the files in /sys/module/<module_name>/sections/.

After you have found the section each code address in the report belongs to and the corresponding offset into that section, you can use objdump, gdb, addr2line or a similar tool to obtain more detailed information about where the event of interest occurred.

2. Besides that, if you are working on an x86 system and you would like to analyze a single kernel module, you can also use the KEDR LeakCheck tool.

Unlike kmemleak, most of the time, it is not required to rebuild the kernel to be able to use KEDR.

The instructions on how to build and use KEDR are here. A simple example of how LeakCheck can be used is described in "Detecting Memory Leaks" section.
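The section-saving and address-resolution procedure from the answer above, as an added worked example (this is not code from the answer, from kmemleak or from KEDR). It assumes the section bases were saved while the module was loaded with something like `grep -H . /sys/module/mymod/sections/.*text*` (the files are root-readable and their names are the section names), and that the report was produced after the module was unloaded, so frames inside the module appear as bare addresses. The module name `mymod`, the file contents and every address below are constructed for the example.

```python
"""Map raw code addresses from a kmemleak report back to module sections.

Added example, not part of the original answer.  sysfs exposes only the
base address of each section; the section chosen for an address is the one
with the highest base not above it, unless section sizes (e.g. taken from
`readelf -S mymod.ko`) are supplied to bound the lookup.  The resulting
section+offset pair is what addr2line -j needs, since the .ko on disk is
not relocated to the load address.
"""
import re

# Constructed stand-in for the saved sysfs dump.  Both the "path:value" form
# that grep -H prints and bare "name value" lines are accepted.
SAMPLE_SECTIONS = """\
/sys/module/mymod/sections/.text:0xffffffffa0000000
/sys/module/mymod/sections/.init.text:0xffffffffa0003000
/sys/module/mymod/sections/.exit.text:0xffffffffa0004000
"""

# Constructed kmemleak report as it looks after the module was unloaded:
# the two frames inside the module carry no symbol, only the address.
SAMPLE_REPORT = """\
unreferenced object 0xffff88003a9f0000 (size 64):
  comm "insmod", pid 1234, jiffies 4294937485 (age 10.000s)
  backtrace:
    [<ffffffff811c0f1c>] kmemleak_alloc+0x4c/0xa0
    [<ffffffff8116e2a0>] kmem_cache_alloc_trace+0x120/0x1a0
    [<ffffffffa0000123>] 0xffffffffa0000123
    [<ffffffffa0003010>] 0xffffffffa0003010
    [<ffffffff81002132>] do_one_initcall+0x42/0x180
"""

FRAME_RE = re.compile(r"\[<([0-9a-fA-F]+)>\]")


def parse_sections(text):
    """Return {section_name: base_address} from the saved sysfs dump."""
    sections = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" in line:                      # grep -H form: path:value
            path, value = line.rsplit(":", 1)
            name = path.rsplit("/", 1)[-1]
        else:                                # "name value" form
            name, value = line.split()
        sections[name] = int(value, 16)
    return sections


def locate(sections, addr, sizes=None):
    """Map addr to (section, offset), or None if no section can contain it.

    Without sizes an address above the module's last section would still be
    attributed to that section, so pass sizes when other modules are loaded
    above this one.
    """
    best = None
    for name, base in sections.items():
        if base <= addr and (best is None or base > best[1]):
            best = (name, base)
    if best is None:
        return None
    name, base = best
    if sizes is not None and addr - base >= sizes.get(name, 0):
        return None
    return name, addr - base


def resolve_report(report, sections, sizes=None):
    """Return (addr, section, offset) for every backtrace frame inside the module."""
    frames = []
    for m in FRAME_RE.finditer(report):
        addr = int(m.group(1), 16)
        hit = locate(sections, addr, sizes)
        if hit is not None:
            frames.append((addr, hit[0], hit[1]))
    return frames


def addr2line_cmd(ko_path, section, offset):
    """addr2line invocation resolving a section-relative offset in the .ko.

    -j tells addr2line that the given value is an offset into that section
    rather than an absolute address; -f and -i add the function name and
    inlined call chain.
    """
    return ["addr2line", "-e", ko_path, "-f", "-i", "-j", section, hex(offset)]


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_SECTIONS)
    for addr, name, off in resolve_report(SAMPLE_REPORT, secs):
        print(f"{addr:#x} -> {name}+{off:#x}")
        print("   ", " ".join(addr2line_cmd("mymod.ko", name, off)))
```

The same section+offset pair can be fed to `objdump -d --start-address` or to gdb on the .ko when you want the surrounding disassembly rather than just file:line. Note the caveat built into `locate`: because sysfs gives no section sizes, any address above the module's highest section base is attributed to that section unless sizes are supplied, so frames from another module loaded at a higher address would be misreported.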

Other tips

Have you tried enabling the kmemleak detection code?

See Documentation/kmemleak.txt for details.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow